Attachment 66105 Details for Bug 102631 – patch to fix possible buffer overflows + format string bugs

[patch] patch to fix possible buffer overflows + format string bugs

ttd_bugs.patch (text/plain), 6.07 KB, created by Alexey Dobriyan on 2005-08-16 15:40:39 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Alexey Dobriyan

Created: 2005-08-16 15:40:39 UTC

Size: 6.07 KB

patch

obsolete

>diff -uprN openttd-0.4.0.1/console_cmds.c openttd-0.4.0.1-whoops/console_cmds.c
>--- openttd-0.4.0.1/console_cmds.c	2005-05-20 21:59:24.000000000 +0400
>+++ openttd-0.4.0.1-whoops/console_cmds.c	2005-08-17 02:25:28.000000000 +0400
>@@ -1101,7 +1101,7 @@ DEF_CONSOLE_HOOK(ConProcPlayerName)
> 			SEND_COMMAND(PACKET_CLIENT_SET_NAME)(_network_player_name);
> 		} else {
> 			if (NetworkFindName(_network_player_name)) {
>-				NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, _network_player_name);
>+				NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, "%s", _network_player_name);
> 				ttd_strlcpy(ci->client_name, _network_player_name, sizeof(ci->client_name));
> 				NetworkUpdateClientInfo(NETWORK_SERVER_INDEX);
> 			}
>diff -uprN openttd-0.4.0.1/network.c openttd-0.4.0.1-whoops/network.c
>--- openttd-0.4.0.1/network.c	2005-05-17 20:01:19.000000000 +0400
>+++ openttd-0.4.0.1-whoops/network.c	2005-08-17 02:27:49.000000000 +0400
>@@ -96,7 +96,7 @@ void CDECL NetworkTextMessage(NetworkAct
> 	StringID TempStr = STR_NULL;
> 
> 	va_start(va, str);
>-	vsprintf(buf, str, va);
>+	vsnprintf(buf, sizeof(buf), str, va);
> 	va_end(va);
> 
> 	switch (action) {
>diff -uprN openttd-0.4.0.1/network_client.c openttd-0.4.0.1-whoops/network_client.c
>--- openttd-0.4.0.1/network_client.c	2005-05-15 22:50:55.000000000 +0400
>+++ openttd-0.4.0.1-whoops/network_client.c	2005-08-17 02:11:50.000000000 +0400
>@@ -344,7 +344,7 @@ DEF_CLIENT_RECEIVE_COMMAND(PACKET_SERVER
> 	if (ci != NULL) {
> 		if (playas == ci->client_playas && strcmp(name, ci->client_name) != 0) {
> 			// Client name changed, display the change
>-			NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, name);
>+			NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, "%s", name);
> 		} else if (playas != ci->client_playas) {
> 			// The player changed from client-player..
> 			// Do not display that for now
>@@ -687,7 +687,7 @@ DEF_CLIENT_RECEIVE_COMMAND(PACKET_SERVER
> 
> 	ci = NetworkFindClientInfoFromIndex(index);
> 	if (ci != NULL) {
>-		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, ci->client_name, str);
>+		NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, ci->client_name, "%s", str);
> 
> 		// The client is gone, give the NetworkClientInfo free
> 		ci->client_index = NETWORK_EMPTY_INDEX;
>diff -uprN openttd-0.4.0.1/network_server.c openttd-0.4.0.1-whoops/network_server.c
>--- openttd-0.4.0.1/network_server.c	2005-05-17 22:22:59.000000000 +0400
>+++ openttd-0.4.0.1-whoops/network_server.c	2005-08-17 02:33:10.000000000 +0400
>@@ -936,7 +936,7 @@ DEF_SERVER_RECEIVE_COMMAND(PACKET_CLIENT
> 
> 	NetworkGetClientName(client_name, sizeof(client_name), cs);
> 
>-	NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, str);
>+	NetworkTextMessage(NETWORK_ACTION_LEAVE, 1, false, client_name, "%s", str);
> 
> 	FOR_ALL_CLIENTS(new_cs) {
> 		if (new_cs->status > STATUS_AUTH) {
>@@ -1111,7 +1111,7 @@ DEF_SERVER_RECEIVE_COMMAND(PACKET_CLIENT
> 	if (ci != NULL) {
> 		// Display change
> 		if (NetworkFindName(client_name)) {
>-			NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, client_name);
>+			NetworkTextMessage(NETWORK_ACTION_NAME_CHANGE, 1, false, ci->client_name, "%s", client_name);
> 			ttd_strlcpy(ci->client_name, client_name, sizeof(ci->client_name));
> 			NetworkUpdateClientInfo(ci->client_index);
> 		}
>diff -uprN openttd-0.4.0.1/os2.c openttd-0.4.0.1-whoops/os2.c
>--- openttd-0.4.0.1/os2.c	2005-05-15 18:01:35.000000000 +0400
>+++ openttd-0.4.0.1-whoops/os2.c	2005-08-17 02:26:28.000000000 +0400
>@@ -642,7 +642,7 @@ static long CDECL MidiSendCommand(const 
> 	va_list va;
> 	char buf[512];
> 	va_start(va, cmd);
>-	vsprintf(buf, cmd, va);
>+	vsnprintf(buf, sizeof(buf), cmd, va);
> 	va_end(va);
> 	return mciSendString(buf, NULL, 0, NULL, 0);
> }
>diff -uprN openttd-0.4.0.1/strgen/strgen.c openttd-0.4.0.1-whoops/strgen/strgen.c
>--- openttd-0.4.0.1/strgen/strgen.c	2005-04-24 19:41:01.000000000 +0400
>+++ openttd-0.4.0.1-whoops/strgen/strgen.c	2005-08-17 02:28:31.000000000 +0400
>@@ -84,7 +84,7 @@ void warning(const char *s, ...) {
> 	char buf[1024];
> 	va_list va;
> 	va_start(va, s);
>-	vsprintf(buf, s, va);
>+	vsnprintf(buf, sizeof(buf), s, va);
> 	va_end(va);
> 	fprintf(stderr, "%d: ERROR: %s\n", _cur_line, buf);
> 	_warnings = true;
>@@ -94,7 +94,7 @@ void NORETURN error(const char *s, ...) 
> 	char buf[1024];
> 	va_list va;
> 	va_start(va, s);
>-	vsprintf(buf, s, va);
>+	vsnprintf(buf, sizeof(buf), s, va);
> 	va_end(va);
> 	fprintf(stderr, "%d: FATAL: %s\n", _cur_line, buf);
> 	exit(1);
>diff -uprN openttd-0.4.0.1/texteff.c openttd-0.4.0.1-whoops/texteff.c
>--- openttd-0.4.0.1/texteff.c	2005-03-28 16:38:02.000000000 +0400
>+++ openttd-0.4.0.1-whoops/texteff.c	2005-08-17 02:28:04.000000000 +0400
>@@ -57,7 +57,7 @@ void CDECL AddTextMessage(uint16 color, 
> 	int length;
> 
> 	va_start(va, message);
>-	vsprintf(buf, message, va);
>+	vsnprintf(buf, sizeof(buf), message, va);
> 	va_end(va);
> 
> 	/* Special color magic */
>diff -uprN openttd-0.4.0.1/ttd.c openttd-0.4.0.1-whoops/ttd.c
>--- openttd-0.4.0.1/ttd.c	2005-05-16 20:19:32.000000000 +0400
>+++ openttd-0.4.0.1-whoops/ttd.c	2005-08-17 02:27:22.000000000 +0400
>@@ -70,7 +70,7 @@ void CDECL error(const char *s, ...) {
> 	va_list va;
> 	char buf[512];
> 	va_start(va, s);
>-	vsprintf(buf, s, va);
>+	vsnprintf(buf, sizeof(buf), s, va);
> 	va_end(va);
> 
> 	ShowOSErrorBox(buf);
>@@ -86,7 +86,7 @@ void CDECL ShowInfoF(const char *str, ..
> 	va_list va;
> 	char buf[1024];
> 	va_start(va, str);
>-	vsprintf(buf, str, va);
>+	vsnprintf(buf, sizeof(buf), str, va);
> 	va_end(va);
> 	ShowInfo(buf);
> }
>@@ -99,7 +99,7 @@ char * CDECL str_fmt(const char *str, ..
> 	char *p;
> 
> 	va_start(va, str);
>-	len = vsprintf(buf, str, va);
>+	len = vsnprintf(buf, sizeof(buf), str, va);
> 	va_end(va);
> 	p = malloc(len + 1);
> 	if (p)
>diff -uprN openttd-0.4.0.1/win32.c openttd-0.4.0.1-whoops/win32.c
>--- openttd-0.4.0.1/win32.c	2005-05-16 20:19:32.000000000 +0400
>+++ openttd-0.4.0.1-whoops/win32.c	2005-08-17 02:28:44.000000000 +0400
>@@ -841,7 +841,7 @@ static long CDECL MidiSendCommand(const 
> 	char buf[512];
> 
> 	va_start(va, cmd);
>-	vsprintf(buf, cmd, va);
>+	vsnprintf(buf, sizeof(buf), cmd, va);
> 	va_end(va);
> 	return mciSendStringA(buf, NULL, 0, 0);
> }

Actions: View | Diff

Attachments on bug 102631: 66105